issue with passing datetime fromDate toDate in url

0
votes

I issue passing data to url when I user input datetime fromDate and toDate it webapi I get bad request because of ':' BTW I use [System.Web.Http.Route("api/{fromDate:datetime}/{toDate:datetime}/searchDateRange")] on my web method but is not working can someone help me

Error

Server Error in '/' Application.

A potentially dangerous Request.Path value was detected from the client (:).

Description: An unhandled exception occurred during the execution of the current web request. Please review the stack trace for more information about the error and where it originated in the code.

Exception Details: System.Web.HttpException: A potentially dangerous Request.Path value was detected from the client (:).

Source Error:

An unhandled exception was generated during the execution of the current web request. Information regarding the origin and location of the exception can be identified using the exception stack trace below.

Stack Trace:

[HttpException (0x80004005): A potentially dangerous Request.Path value was detected from the client (:).]
System.Web.HttpRequest.ValidateInputIfRequiredByConfig() +9693412
System.Web.PipelineStepManager.ValidateHelper(HttpContext context) +53

Version Information: Microsoft .NET Framework Version:4.0.30319; ASP.NET Version:4.0.30319.34248

    [System.Web.Http.Route("api/{fromDate:datetime}/{toDate:datetime}/searchDateRange")]
            public IEnumerable<FormViewModelBase> GetFormsByDateRange(DateTime fromDate, DateTime toDate)
            {
//codehere 
}
2
c#asp.netdatetimeasp.net-web-api
possible duplicate of Using HttpClient to Send Dates in URL Using AttributeRoutingLeonid Vasilev

2 Answers

2
votes

I found solution

1- use momentjs to convert it to utc and use format YYYYMMDDHHmmss

        var fromDate = moment(searchText.fromDateSearch).utc().format('YYYYMMDDHHmmss');
        var toDate = moment(searchText.toDateSearch).utc().format('YYYYMMDDHHmmss');
        url = ' api/' + fromDate + '/' + toDate + '/searchDateRange' ;

2- in webapi level convert string to datetime 

[System.Web.Http.Route("api/{fromDate}/{toDate}/searchDateRange")]
            public IEnumerable<FormViewModelBase> GetFormsByDateRange(string fromDate, string toDate)
            {

                var fromDateSearch = DateTime.ParseExact(fromDate, "yyyyMMddHHmmss", CultureInfo.InvariantCulture);
                var toDateSearch = DateTime.ParseExact(toDate, "yyyyMMddHHmmss", CultureInfo.InvariantCulture);
            }
1
votes

Since you are using datetime, the colon is obviously with the time, and as such the server does see the colon as a dangerous parameter. Can you pass just the date component, not the time included? Or, accept the parameters as string, and format the parameters to send a time without the :, but with another separator character. Then you can parse the parameters and replace the separator back to colon and process accordingly.

Also, I would think the / in the date would be a problem with the recognition so are you using a date in XX-XX-XXXX or XXXX-XX-XX format?